Windows Server Core: Installing ADDS Role

Windows Server Core is a great option for your domain controllers.  Generally speaking domain controllers should not be doing anything else and are rarely logged into interactively anyways.  However promoting a machine to a domain controller from the command line is not as intuitive as it could should be.

This article is also very helpful if you want to script the promotion of your domain controllers.

DCPROMO.exe

Just like on a full server install dcpromo.exe is still used to promote a machine to a domain controller.  One of the nice features of dcpromo.exe is that if the Active Directory Domain Services (ADDS) role is not installed dcpromo.exe will add that role to your server for you.

However if you would like to install the ADDS and DNS roles before you begin the promotion process the command lines would be:

dism /online /enable-feature /featurename:NetFx2-ServerCore

dism /online /enable-feature /featurename:NetFx3-ServerCore

dism /online /enable-feature /featurename:DirectoryServices-DomainController-ServerFoundation

dism /online /enable-feature /featurename:DNS-Server-Core-Role

The full command argument options of dcpromo.exe can be found at the Microsoft TechNet documentation site.

The common arguments used in either a new domain or existing domain scenario are:

unattend Specifies that wizard will not be used (required on core). Can also specify a file location with answers required for promotion to domain controller.
replicaOrNewDomain Specifies whether to add a domain controller to a domain or configure a new domain.Replica – Add to existing domain (used if not specified)
ReadOnlyReplica – Add as RODC to existing domain
Domain – Create new domain
safeModeAdminPassword The password for the Directory Services Restore Mode account.

Creating a new Forest

The bare minimum command to create a new forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:forest

/newDomainDnsName:serk.local /domainNetbiosName:SERK

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

Remember that when you create a new Forest you are really creating a new Root level Domain so a lot of the commands will be referencing domain creation.

The common parameters used when creating a new forest are:

newDomain Specifies if you are creating a new forest, new child domain, or new tree:
Tree – Creates a new tree
Child – Creates a new child domain
Forest – Creates a new forest
newDomainDnsName Specifies the DNS name of the new domain.
domainNetbiosName Specifies the Netbios name of the new domain.
domainLevel (optional) Specifies the domain level to set this new domain to:
0 – Windows 2000 (used if not specified)
2 – Windows 2003
3 – Windows 2008
4 – Windows 2008 R2
forestLevel (optional) Specifies the forest level to set this new forest to:
0 – Windows 2000 (used on Windows 2008 if not specified)
2 – Windows 2003 (used on Windows 2008 R2 if not specified)
3 – Windows 2008
4 – Windows 2008 R2

Creating a new Domain in an existing Forest

The bare minimum command to create a new domain in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:child

/newDomainDnsName:child.serk.local /parentDomainDNSName:serk.local

/domainNetbiosName:CHILD-SERK /childName:child

/userDomain:serk.local /username:administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The bare minimum command to create a new tree in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:tree

/newDomainDnsName:tree.local /parentDomainDNSName:serk.local

/domainNetbiosName:TREE

/userDomain:serk.local /username:administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The common parameters used when creating a new domain in an existing forest are:

newDomain Specifies if you are creating a new forest, new child domain, or new tree:
Tree – Creates a new tree
Child – Creates a new child domain
Forest – Creates a new forest
newDomainDnsName Specifies the DNS name of the new domain.
parentDomainDNSName Specifies the parent domains DNS name.
domainNetbiosName Specifies the Netbios name of the new domain.
childName Specifies the single-label DNS name of this child domain.  For example you would specify child if the child domain was child.serk.local.
username Username of account to create domain in forest with.  Must be an enterprise admin account.
userDomain Domain of account specified in the /username parameter.
password Password of account specified in the /username parameter.  You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
domainLevel (optional) Specifies the domain level to set this new domain to:
0 – Windows 2000 (used if not specified)
2 – Windows 2003
3 – Windows 2008
4 – Windows 2008 R2

Adding a Domain Controller to an Existing Domain

The bare minimum command to add a domain controller to an existing domain is:

dcpromo.exe /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:serk.local

/userDomain=serk.local /username=administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The common parameters used adding a domain controller to a domain are:

replicaDomainDNSName If joining an existing domain then specifies the DNS name of the existing domain.
username Username of account to join domain with.  Must be a domain admin account.
userDomain Domain of account specified in the /username parameter.
password Password of account specified in the /username parameter.  You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
ConfirmGc (optional) Specifies whether the new domain controller should be a Global Catalog server:
Yes – Sets the new DC to be a GC.
No – Does not set the new DC to be a GC. (Used if not specified)
replicationSourceDC (optional) The FQDN of the domain controller to replicate the domain information from during promotion.  If you do not specify a replication source an existing domain controller will be automatically chosen.
Advertisements

One thought on “Windows Server Core: Installing ADDS Role

Comments are closed.